ssrf vulnerability

Microsoft issued security updates on March 10, 2026 that address CVE-2026-26118, a high‑severity elevation‑of‑privilege vulnerability in the Azure MCP (Model Context Protocol) Server Tools family that security researchers and multiple vendor trackers describe as a server‑side request forgery...

The Node.js ecosystem’s long-deprecated request package is at the center of a persistent supply‑chain question: CVE‑2023‑28155 describes a server‑side request forgery (SSRF) bypass triggered by cross‑protocol redirects in request versions up through 2.88.x, and Microsoft’s public advisory names...

Apache HTTP Server has a Windows-only Server-Side Request Forgery (SSRF) flaw that can be forced to make the server connect to attacker-controlled UNC (SMB) targets and thereby leak NTLM authentication material — a vulnerability tracked as CVE-2025-59775 and fixed in Apache httpd 2.4.66...

In early 2025, cybersecurity researchers uncovered a critical vulnerability in Microsoft 365 Copilot, dubbed "EchoLeak," which allowed attackers to extract sensitive user data without any user interaction. This zero-click exploit highlighted the potential risks associated with deeply integrated...

In recent developments, cybersecurity researchers have uncovered a critical vulnerability in Microsoft Copilot, an AI-powered assistant integrated into Office applications such as Word, Excel, Outlook, and Teams. Dubbed "EchoLeak," this flaw enables attackers to exfiltrate sensitive data from a...

A new chapter in cloud security transparency has arrived, one defined by the simultaneous emergence of major critical vulnerabilities and a commendable industry commitment to open disclosure. Over the past week, Microsoft confirmed the existence and subsequent mitigation of multiple, previously...

The disclosure of several critical vulnerabilities in Microsoft’s cloud ecosystem, including one rated as a perfect 10.0 on the Common Vulnerability Scoring System (CVSS), marks a pivotal moment in both the enterprise security landscape and public trust in hyperscale providers. Microsoft’s...

In the ever-evolving landscape of cloud software security, vigilance is not just a best practice—it's a necessity. Recent disclosure of CVE-2025-47733, a significant information disclosure vulnerability affecting Microsoft Power Apps, has once again placed the spotlight on the risks inherent to...

In the evolving landscape of cloud security threats, vulnerabilities that affect essential storage services warrant swift attention from enterprises and IT professionals. One of the latest and most pressing of these issues is CVE-2025-29972, a Server-Side Request Forgery (SSRF) vulnerability...

Cloud backup solutions are the steel backbone behind today’s seamless IT continuity, allowing businesses to sleep easy knowing critical data is securely stored. But when the very software designed to protect your castle becomes a vulnerability, it’s an all-hands-on-deck situation. That’s the...

On August 6, 2024, security experts at the Microsoft Security Response Center identified an important vulnerability (CVE-2024-38206) within Microsoft Copilot Studio that could compromise sensitive information. This article delves into the details of this vulnerability, its implications, and...